"This is open-source software written by hobbyists, maintained by a single volunteer, badly tested, written in a memory-unsafe language and full of security bugs. It is foolish to use this software to process untrusted data. As such, we treat security issues like any other bug. Each security report we receive will be made public immediately and won't be prioritized."
https://gitlab.gnome.org/GNOME/libxml2/-/issues/913
Follow
@alex insightful, calling out the maintainence burden originating from profiteering freeloaders.
Open-source work is a resume for many, and they want commercially useful projects there. If not for that, the volunteer tech stack could be very different (for the better?), and not worth free-loading off of.
